winpr/ssl: Load legacy provider when initializing OpenSSL 3.0
With OpenSSL 3.O, FreeRDP log contains errors like: ``` 4036740A4C7F0000:error:0308010C:digital envelope routines: inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:346: Global default library context, Algorithm (MD4 : 85), Properties () ``` This leads to connection failures in some cases. This is because algorithms like MD4 are now part of the legacy provider, which is not loaded by default. Let's explicitly load that provider. With this change, also the other provides has to be explicitely loaded.
This commit is contained in:
parent
5537667e0c
commit
1783d65541
@ -33,6 +33,10 @@
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/err.h>
|
||||
|
||||
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
|
||||
#include <openssl/provider.h>
|
||||
#endif
|
||||
|
||||
#include "../log.h"
|
||||
#define TAG WINPR_TAG("utils.ssl")
|
||||
|
||||
@ -245,6 +249,7 @@ static BOOL winpr_enable_fips(DWORD flags)
|
||||
WLog_DBG(TAG, "Ensuring openssl fips mode is ENabled");
|
||||
|
||||
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
|
||||
OSSL_PROVIDER_load(NULL, "fips");
|
||||
if (!EVP_default_properties_is_fips_enabled(NULL))
|
||||
#else
|
||||
if (FIPS_mode() != 1)
|
||||
@ -305,6 +310,13 @@ static BOOL CALLBACK _winpr_openssl_initialize(PINIT_ONCE once, PVOID param, PVO
|
||||
return FALSE;
|
||||
|
||||
#endif
|
||||
|
||||
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
|
||||
/* The legacy provider is needed for MD4. */
|
||||
OSSL_PROVIDER_load(NULL, "legacy");
|
||||
OSSL_PROVIDER_load(NULL, "default");
|
||||
#endif
|
||||
|
||||
g_winpr_openssl_initialized_by_winpr = TRUE;
|
||||
return winpr_enable_fips(flags);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user